On September 22, 2012, the Peruvian Ministry of Justice and Human Rights issued a draft regulation to implement Peru’s new Personal Data Protection Law. The comment period expires on October 5, 2012; however, the U.S. Department of Commerce’s International Trade Administration has requested an extension to allow additional time for comments. The Centre for Information Policy Leadership at Hunton & Williams LLP is considering high-level comments on the draft regulation. It is thought that Peru may intend to issue the final regulation prior to the 34th International ...
On September 27, 2012, the German Federal Network Agency, the Bundesnetzagentur (or “BNetzA”), together with the German Federal Commissioner for Data Protection, published a guide on traffic data retention. The guide, which is aimed at telecom providers, includes a comprehensive chart that clarifies data retention periods for different types of services, such as telephone, SMS, Internet and email, and their respective types of traffic data (e.g., mobile identification numbers, IP addresses and International Mobile Equipment Identity data) based on the purposes for the data storage.
On September 27, 2012, the European Commission presented its new strategy on cloud computing, entitled “Unleashing the Potential of Cloud Computing in Europe.” The Commission’s strategy is outlined on a new webpage that includes a communication document and a more detailed staff working paper.
On September 25, 2012, the Federal Trade Commission announced that it had settled a case involving allegations of spying by software company DesignerWare, LLC (“DesignerWare”) and several rent-to-own companies that rent computers to consumers, such as Aaron’s, Inc., ColorTyme, Inc., and Premier Rental Purchase. The FTC collaborated with Illinois Attorney General Lisa Madigan in its investigation.
As reported in the Hunton Employment & Labor Perspectives Blog:
On September 20, 2012, Administrative Law Judge Clifford H. Anderson struck down telecommunications company EchoStar Corporation’s policy prohibiting employees from making disparaging comments about it on social media sites. The National Labor Relations Board (“NLRB”) judge found that the prohibition, as well as a ban on employees using social media sites with company resources or on company time, chilled employees’ exercise of their rights under Section 7 of the National Labor Relations Act (“NLRA”). The EchoStar decision comes on the heels of the NLRB’s recent ruling striking down Costco Wholesale Corporation’s policy barring employees from posting statements online that were harmful to the company’s reputation.
On September 27, 2012, the UK Information Commissioner’s Office (“ICO”) published guidance on complying with the requirements of the UK Data Protection Act 1998 (“DPA”) in the context of cloud computing services (the “Guidance”). In its Guidance, the ICO reminds data controllers that transferring personal data to the cloud does not absolve them of their compliance obligations under the DPA.
On September 20, 2012, Hunton & Williams LLP announced Lisa J. Sotto, head of the firm’s Global Privacy and Data Security practice and managing partner of the New York office, was named among Ethisphere Institute’s “Attorneys Who Matter” for 2012. The annual listing includes approximately 100 lawyers from a range of legal disciplines who surpass their peers based on their experience, public service, legal community engagement and client endorsement.
As reported in the Hunton Employment & Labor Perspectives Blog:
On September 7, 2012, the National Labor Relations Board invalidated Costco Wholesale Corp.’s policy of prohibiting employee electronic posts in its first decision involving an employer’s social media policy. In Costco Wholesale Corporation and UFCW Local 371, Case No. 3A-CA-012421, the Board held, among other things, that Costco’s rule prohibiting employees from posting statements electronically that “damage the Company, defame any individual or damage any person’s reputation” was overly broad. The Board reasoned that the policy language contained no restrictions on its application and, thus, clearly encompassed protected concerted communications, such as speech that is critical of Costco or its agents. Accordingly, the rule had a tendency to chill employees’ protected activity in violation of Section 8(a)(1) of the National Labor Relations Act, which makes it an unfair labor practice for an employer to interfere with, restrain, or coerce employees in the exercise of their rights guaranteed by Section 7.
On September 13, 2012, the PCI Security Standards Council (“PCI SSC”) issued new guidelines entitled “PCI Mobile Payment Acceptance Security Guidelines” (the “Guidelines”), which outline best practices for mobile payment acceptance security. As we reported in May, the PCI SSC Mobile Working Group published its “At a Glance: Mobile Payment Acceptance Security” fact sheet, detailing how merchants can more securely accept payments on mobile devices.
On September 17, 2012, the Department of Health and Human Services (“HHS”) announced a $1.5 million settlement with the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (“MEEI”) for potential violations of the HIPAA Security Rule. In connection with the announcement, the HHS Office for Civil Rights (“OCR”) Director Leon Rodriguez stated that organizations should pay special attention to safeguarding information “stored and transported on portable devices such as laptops, tablets, and mobile phones” and that “compliance with the HIPAA Privacy and Security Rules must be prioritized by management and implemented throughout an organization, from top to bottom.”
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- Age Appropriate Design Code
- Age Verification
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Audit
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Committee on Foreign Investment in the United States
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Consumer Rights
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cross-Border Data Transfer
- Cyber Attack
- Cybersecurity and Infrastructure Security Agency
- Data Breach
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Protection Officer
- Data Security
- Data Transfer
- David Dumont
- David Vladeck
- Deceptive Trade Practices
- Delaware
- Denmark
- Department of Commerce
- Department of Defense
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- Design
- Digital Markets Act
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DORA
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Electronic Protected Health Information
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition Technology
- FACTA
- Fair Credit Reporting Act
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- Financial Data
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Geolocation Data
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- HIPAA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- Iowa
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Large Language Model
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Louisiana
- Madrid Resolution
- Maine
- Malaysia
- Maryland
- Massachusetts
- Meta
- Mexico
- Michigan
- Microsoft
- Minnesota
- Missouri
- Mobile
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- North Dakota
- North Korea
- Norway
- Obama Administration
- OCPA
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Oklahoma
- Online Behavioral Advertising
- Online Privacy
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Poland
- PRISM
- Privacy By Design
- Privacy Notice
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Profiling
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk Assessment
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Salesforce
- Sanctions
- Schrems
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Sensitive Data
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Dakota
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- States Attorney General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code